Cape Town - For those of you who notice the finer details of things such as what is in the address bar of your browser, you would have picked up that IOL is now on https://www.iol.co.za(as opposed to http). More than noticing just the extra "s", you may have seen a nice green and friendly security lock icon on the left, depending on your browser of choice.
HTTP stands for "Hyper Text Transfer Protocol", and HTTPS adds "Secure" onto the end. That's really what it is about.
HTTP is the agreed communication protocol that your browser and our servers use to talk to each other. HTTPS takes it further to ensure that the communications that happen are encrypted.
This is great news for you as it means that it is a lot more difficult for the not-so-friendly techie geeks out there to somehow jump in on the conversation and add their own voices to it. That's what is known as "man-in-the-middle attacks". It's how a lot of computer viruses are spread, personal information is stolen and the list goes on.
HTTPS has been around for the last 20 years or so, and was primarily used for sites which dealt with sensitive information. All of your internet banking sites, for example will be on HTTPS by law. News sites are not high on the list since they are mainly about delivering information to you and not the other way round. HTTPS however has had a steady take-up around the world and it is worth the effort to get it going.
What did we have to do to get you on HTTPS?
The switch-over was a 15 minute job, which we hope you hardly noticed. Under the bonnet, however, is always a different story.
Our site is built up from information that we fetch from lots of other locations. For us to be HTTPS compliant, it means that all of these other locations also have to be HTTPS. One broken link in the chain means a broken chain. So, starting at the bottom, where the other locations are controlled by ourselves, we had to apply for SSL certificates (SSL = "Secure Sockets Layer"). This is like an ID book for your site which some authority has issued to you when you prove to them that you are who you say you are. We used some free certificates for these (Certbot and LetsEncrypt, for those who like the techie details). Once we had all these certificates, we could move these smaller locations onto HTTPS. For other 3rd party sites which are not in our control, we had to write to them and ask them to get onto HTTPS if they were not already. All this takes a bit of an effort and can drag out a bit.
Another challenge is with all our old articles. We have something like 1,430,000 articles in our database which you can still access from our site. If one of our old articles had a link in them to another old article, then that would have been an HTTP link, so if we try to load that first article it would also break our nice and squeaky-clean HTTPS page. Well, the good news is that we did not have to go back and manually edit every article that had our links in them. Fortunately we can be a little smarter than that and do it with software. There is a wonderful tool called "regex", or "Regular Expression", which can get a bit hairy to use sometimes, but is an extremely powerful way of taking a bunch of text and making changes to it on-the-fly, much like a search-and-replace drive-though. We were able to push all our articles through a regular expression to change our HTTP links to HTTPS.
There is a wonderful provider on the internet called CloudFlare. These folks are amazing. They are a CDN (a "Content Delivery Network"), meaning that they fetch all our articles from our servers and store them in "the Cloud". It means that you actually fetched this article from them and not from our servers, making it much faster for you. They even do this for free, up to certain levels! On top of this, they can also provide SSL certificates. We had to pay for this part, but it is well worth it, and it was quick and easy to set up.
Once all this was in place, we were able to flick the switch and direct you to our new HTTPS site.
The backend work doesn't stop there however. That's when our testers and analysts throw all their tools at the site to double-check our work and pick up any holes we have missed.
Finally, we felt we needed to write this article to help you, our valued reader, know that we want to deliver the best and safest reading experience for you that we are able to.